The SSH command provides a secure encrypted connection between two hosts over an insecure network. This connection can also be used for terminal access, file transfers, and for tunneling other applications. Graphical X11 applications can also be run securely over SSH from a remote location.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform Ubuntu related queries.

In this context, we shall look into how to remotely connect to Linux Server over SSH.

More about SSH?

SSH (stands for secure shell) is a protocol used for securely accessing a remote system. It is the most commonly used protocol in Linux systems for remotely administering, managing, and troubleshooting the remote servers.

Here we will use the following prerequisites to establish remote connection over SSH:

i. Two Ubuntu machines (for remote server and client)

ii. Sudo user on both server and client machine

iii. Remote server’s IP address or hostname

iv. Remote server’s port number, user name, and password

How to establish a connection to Linux Server via SSH ?

In order to SSH Linux system, the steps involved are:

i. Installing OpenSSH on remote server.

ii. Configuring OpenSSH on remote server.

iii. Installing OpenSSH client on the local client machine.

iv. Accessing remote Linux server through SSH client.

In this guide, we will implement the task on Ubuntu 20.04 LTS.

1. How to install OpenSSH on a remote server ?

OpenSSH is a tool for remotely connecting the system over SSH. You will need to install it on the system which you want to access over SSH.

i. On the remote server, open the Terminal and issue the following command:

$ sudo apt update

ii. Then in order to install the OpenSSH server, issue the following command in Terminal:

$ sudo apt install openssh-server

iii. Then type sudo password.

iv. When asked for confirmation, hit y, after which the system will start the installation.

2. How to configure OpenSSH on remote server ?

Once the installation of OpenSSH is completed, you will need to perform some necessary configurations. The SSH configuration file is "/etc/ssh/sshd_config". 

i. To edit the configuration file, issue the following command in Terminal:

$ nano /etc/ssh/sshd_config

ii. Before making any changes to this file, it is better to make a copy of the original configuration file using the following command:

$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original

We will only configure some of the options while leaving the rest of the options to default.

3. How to modify SSH listening port ?

By default, OpenSSH runs on TCP port 22. However, if you want the OpenSSH server to listen on some other port (Between port numbers 1024 – 65535), you can do so as follows:

i. Edit the /etc/ssh/sshd_config configuration file:

$ sudo nano /etc/ssh/sshd_config

ii. Locate ‘port 22’ in the file. You can use Ctrl+W to search it.

Replace 22 by the port number you want your OpenSSH server to listen to. Also, remove the # symbol before the line.

For instance, to set OpenSSH listening port to 250, the line would be:

port 250 

iii. Now save the configuration file.

4. How to enable root login on the SSH server ?

By default, root login is disabled in the OpenSSH server which means you cannot log in as a root user. If you need to log in as a root user to your remote SSH server, you will need to enable root login in Open SSH configuration.

i. Edit the /etc/ssh/sshd_config configuration file:

$ sudo nano /etc/ssh/sshd_config

ii. Locate PermitRootLogin prohibit-password and replace it with the following line. iii. Also, remove the # symbol before the line.

PermitRootLogin yes

iv. Now save the configuration file.

5. How to minimize number of authentication attempts ?

By default, there are 6 authentication attempts allowed to log in to the SSH server. You can reduce these authentication attempts by changing the value of parameter MaxAuthTries.

i. For instance, to reduce the number of authentication attempts to 3, edit the /etc/ssh/sshd_config configuration file:

$ sudo nano /etc/ssh/sshd_config

ii. Then locate MaxAuthTries and change its value to 3.

iii. Also, remove the # symbol before the line.

MaxAuthTries 3

iv. Now save the configuration file.

6.  How to Allow or deny certain users from logging in to SSH server ?

By default, all user accounts are allowed to log in to remote system via SSH. 

i. In order to allow only certain users to log in to the SSH server, edit the /etc/ssh/sshd_config file:

$ sudo nano /etc/ssh/sshd_config

ii. Then add the following line in this file by replacing user1 and user2 with the name of the users who are allowed to log in.

AllowUsers user1 user2

Similarly, to deny any user from accessing the SSH server, add the following line in this file by replacing user1 and user2 with the name of the users who are not allowed to log in.

DenyUsers user1 user2

The above line will allow all users except 'user' to login via SSH.

Now, save the configuration file.

After making any changes to the configuration file, restart SSH service by using the following command:

$ sudo service ssh restart

7. How to install OpenSSH client on the local client machine ?

On the client machine that wants to connect to the Linux server via SSH, we will need to install OpenSSH client utility.

i. To install OpenSSH client, issue the following command in the client machine’s Terminal:

$ sudo apt install openssh-client

ii. When asked for the password, provide sudo password.

iii. When asked for confirmation, hit y, after which the system will start the installation. Once the installation is completed, you are ready to use the OpenSSH client.

8. How to access Linux server through SSH client over LAN ?

Through OpenSSH client, you can connect to the SSH server over LAN either using the IP address or hostname. 

i. On the client's machine, use the following syntax to connect remote server over SSH:

$ ssh [username]@[remoteserver IP or hostname]

ii. When prompted for the password, enter the user's password. Once the connection is established, you will see the shell prompt for the remote server.

In case, you have changed the OpenSSH listening port, then the command to connect to SSH server would be:

$ ssh -p [port_number] [username]@[ip_address]

How to access Linux server through SSH client over the Internet ?

In order to connect a remote server over the internet, you will require the Public IP of the remote server and you will also need to set up port forwarding on your router. Here are the steps to how to SSH remote server over the internet:

1. First, you will need to find out the public IP address of the remote server. To do so, issue the following command in the remote machine’s terminal:

$ curl ipaddr.pub

2. Now, you will need to set up forwarding on the router. How to setup it differs from router to router but almost all the routers allow you to do this.

3. Once you find the public IP address of the remote machine and setup port forwarding on the router, use the following syntax to SSH remote Linux machine:

$ ssh [username]@[public_ip_address]

In case, the remote server is configured to use a port number other than 22, then the syntax would be:

$ ssh -p [port_number] [username]@[public_ip_address]

[Need urgent assistance to fix Linux related errors? We are available to help you. ]